diff --git a/CHANGELOG.md b/CHANGELOG.md index e63c7b9..351ac82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,54 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +## [3.2.0] - 2026-01-14 + +### Added +- **guide/data-privacy.md** - Comprehensive data privacy documentation (NEW, ~200 lines) + - TL;DR retention table: 5 years (default) | 30 days (opt-out) | 0 (Enterprise ZDR) + - Data flow diagram showing what leaves your machine + - Known risks with MCP database connections + - Protection measures (excludePatterns, hooks, MCP safety) + - Quick checklist for immediate action + +- **README.md** - Privacy notice encart (3 lines after transparency note) + - Retention summary with action link + - Direct link to opt-out and full guide + +- **guide/ultimate-guide.md** - Section 2.6 "Data Flow & Privacy" (~45 lines) + - Data types sent table + - Retention policies table + - Link to dedicated guide + - Updated TOC and quick jump navigation + +- **tools/onboarding-prompt.md** - Phase 0.5 Privacy Awareness + - Privacy notice shown after level assessment + - Asks user about privacy settings configuration + +- **tools/audit-prompt.md** - Privacy configuration checks + - Phase 1.2: PRIVACY CONFIGURATION bash checks + - Phase 2.1: Privacy Configuration checklist + - Glossary: "Data Retention" and "excludePatterns" terms + +- **examples/scripts/audit-scan.sh** - PRIVACY CHECK section + - Human output: .env exclusion check, DB MCP warning, opt-out link + - JSON output: `"privacy"` object with env_excluded, has_db_mcp, opt_out_link, guide_link + +- **examples/scripts/check-claude.sh** - Privacy reminder section + - Shows retention info and opt-out link during health check + +- **examples/hooks/bash/privacy-warning.sh** - SessionStart hook (NEW) + - Displays privacy reminder box once per terminal session + - Suppresses with `PRIVACY_WARNING_SHOWN=1` env var + +- **guide/cheatsheet.md** - Golden Rule #7 added + - "Know what's sent — prompts, files, MCP results → Anthropic" + +### Stats +- 2 new files created (data-privacy.md, privacy-warning.sh) +- 8 files modified (README, guide, cheatsheet, audit-scan, check-claude, onboarding, audit-prompt) +- Focus on user awareness of data retention and actionable opt-out + ## [3.1.0] - 2026-01-13 ### Changed diff --git a/README.md b/README.md index f2b1a00..130a684 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,12 @@ --- +> **Privacy Notice**: Claude Code sends your prompts, file contents, and MCP results to Anthropic servers. +> - **Default**: 5 years retention (training enabled) | **Opt-out**: 30 days | **Enterprise**: 0 +> - **Action**: [Disable training](https://claude.ai/settings/data-privacy-controls) | [Full privacy guide](./guide/data-privacy.md) + +--- + **Start here:** - [Cheat Sheet](./guide/cheatsheet.md) — print this, start coding - [15-min Quick Start](./guide/ultimate-guide.md#1-quick-start-day-1) — first workflow diff --git a/examples/hooks/bash/privacy-warning.sh b/examples/hooks/bash/privacy-warning.sh new file mode 100644 index 0000000..5128b80 --- /dev/null +++ b/examples/hooks/bash/privacy-warning.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# privacy-warning.sh - Warn users about data sent to Anthropic +# +# Hook type: SessionStart +# Triggers: Once at the beginning of each Claude Code session +# +# Purpose: +# Reminds users that their prompts, files, and MCP results are sent to Anthropic. +# Provides link to opt-out of training data (reduces retention from 5 years to 30 days). +# +# Installation: +# 1. Copy to .claude/hooks/SessionStart/ +# 2. Make executable: chmod +x privacy-warning.sh +# 3. Register in hooks config (see Claude Code docs) +# +# Configuration: +# Set PRIVACY_WARNING_SHOWN=1 in your environment to suppress after first run. +# +# Reference: https://github.com/FlorianBruniaux/claude-code-ultimate-guide/blob/main/guide/data-privacy.md + +# Only show once per terminal session +if [[ -n "$PRIVACY_WARNING_SHOWN" ]]; then + exit 0 +fi + +# Output privacy reminder +echo "" +echo "┌─────────────────────────────────────────────────────────────────┐" +echo "│ 🔐 PRIVACY REMINDER │" +echo "├─────────────────────────────────────────────────────────────────┤" +echo "│ Your prompts, files, and MCP results are sent to Anthropic. │" +echo "│ │" +echo "│ Retention: 5 years (default) → 30 days (opt-out training) │" +echo "│ │" +echo "│ Disable training: claude.ai/settings/data-privacy-controls │" +echo "└─────────────────────────────────────────────────────────────────┘" +echo "" + +# Mark as shown for this terminal session +export PRIVACY_WARNING_SHOWN=1 + +# Always exit 0 to allow session to continue +exit 0 diff --git a/examples/scripts/audit-scan.sh b/examples/scripts/audit-scan.sh index 7d82de6..67e71da 100755 --- a/examples/scripts/audit-scan.sh +++ b/examples/scripts/audit-scan.sh @@ -588,6 +588,12 @@ if [[ "$OUTPUT_MODE" == "json" ]]; then "claude_md_lines": $CLAUDE_MD_LINES, "claude_md_refs": $CLAUDE_MD_REFS }, + "privacy": { + "env_excluded": $([ -f "./.claude/settings.json" ] && grep -q '\.env' "./.claude/settings.json" 2>/dev/null && echo "true" || echo "false"), + "has_db_mcp": $(echo "$MCP_ALL_SERVERS" | grep -qiE "postgres|neon|supabase|mysql|database" 2>/dev/null && echo "true" || echo "false"), + "opt_out_link": "https://claude.ai/settings/data-privacy-controls", + "guide_link": "guide/data-privacy.md" + }, "mcp": { "configured": $([ -n "$MCP_SERVERS" ] && echo "true" || echo "false"), "count": $MCP_COUNT, @@ -649,6 +655,24 @@ else fi fi + echo -e "\n${BLUE}🔐 PRIVACY CHECK${NC}" + # Check excludePatterns for sensitive files + HAS_ENV_EXCLUSION="false" + if [[ -f "./.claude/settings.json" ]]; then + grep -q '\.env' "./.claude/settings.json" 2>/dev/null && HAS_ENV_EXCLUSION="true" + fi + + [[ "$HAS_ENV_EXCLUSION" == "true" ]] && echo -e " ${GREEN}✅${NC} .env excluded in settings" || echo -e " ${RED}⚠️${NC} .env NOT excluded (add to excludePatterns)" + + # Check for database MCP servers (production risk) + if echo "$MCP_ALL_SERVERS" | grep -qiE "postgres|neon|supabase|mysql|database" 2>/dev/null; then + echo -e " ${YELLOW}⚠️${NC} Database MCP detected → ensure NOT production data" + fi + + # Privacy reminders + echo -e " ${CYAN}💡${NC} Opt-out training: https://claude.ai/settings/data-privacy-controls" + echo -e " ${CYAN}💡${NC} Full guide: guide/data-privacy.md" + echo -e "\n${BLUE}🔌 MCP SERVERS${NC}" if [[ -n "$MCP_ALL_SERVERS" ]]; then echo -e " ${GREEN}✅${NC} Configured ($MCP_COUNT total): $MCP_ALL_SERVERS" diff --git a/examples/scripts/check-claude.sh b/examples/scripts/check-claude.sh index b38175a..2ae77ef 100644 --- a/examples/scripts/check-claude.sh +++ b/examples/scripts/check-claude.sh @@ -26,6 +26,11 @@ else echo "✗ ANTHROPIC_API_KEY not set" fi +echo -e "\n--- Privacy Reminder ---" +echo "⚠️ Your prompts and file contents are sent to Anthropic" +echo " Default retention: 5 years (training) | Opt-out: 30 days" +echo " → Disable training: https://claude.ai/settings/data-privacy-controls" + echo -e "\n--- MCP Servers ---" claude mcp list diff --git a/guide/cheatsheet.md b/guide/cheatsheet.md index a06de83..cfbcee5 100644 --- a/guide/cheatsheet.md +++ b/guide/cheatsheet.md @@ -6,7 +6,7 @@ **Written with**: Claude (Anthropic) -**Version**: 3.1.0 | **Last Updated**: January 2026 +**Version**: 3.2.0 | **Last Updated**: January 2026 --- @@ -314,6 +314,7 @@ claude -p "fix typos" --dangerously-skip-permissions 4. **Plan Mode first** for complex/risky tasks 5. **Create CLAUDE.md** for every project 6. **Commit frequently** after each completed task +7. **Know what's sent** — prompts, files, MCP results → Anthropic ([opt-out training](https://claude.ai/settings/data-privacy-controls)) --- @@ -378,4 +379,4 @@ where.exe claude; claude doctor; claude mcp list **Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude -*Last updated: January 2026 | Version 3.0.7* +*Last updated: January 2026 | Version 3.2.0* diff --git a/guide/data-privacy.md b/guide/data-privacy.md new file mode 100644 index 0000000..8aeb38c --- /dev/null +++ b/guide/data-privacy.md @@ -0,0 +1,289 @@ +# Data Privacy & Retention Guide + +> **Critical**: Everything you share with Claude Code is sent to Anthropic servers. This guide explains what data leaves your machine and how to protect sensitive information. + +## TL;DR - Retention Summary + +| Configuration | Retention Period | Training | How to Enable | +|---------------|------------------|----------|---------------| +| **Default** | 5 years | Yes | (default state) | +| **Opt-out** | 30 days | No | [claude.ai/settings](https://claude.ai/settings/data-privacy-controls) | +| **Enterprise (ZDR)** | 0 days | No | Enterprise contract | + +**Immediate action**: [Disable training data usage](https://claude.ai/settings/data-privacy-controls) to reduce retention from 5 years to 30 days. + +--- + +## 1. Understanding the Data Flow + +### What Leaves Your Machine + +When you use Claude Code, the following data is sent to Anthropic: + +``` +┌─────────────────────────────────────────────────────────────┐ +│ YOUR LOCAL MACHINE │ +├─────────────────────────────────────────────────────────────┤ +│ • Prompts you type │ +│ • Files Claude reads (including .env if not excluded!) │ +│ • MCP server results (SQL queries, API responses) │ +│ • Bash command outputs │ +│ • Error messages and stack traces │ +└───────────────────────┬─────────────────────────────────────┘ + │ + ▼ HTTPS +┌─────────────────────────────────────────────────────────────┐ +│ ANTHROPIC API │ +├─────────────────────────────────────────────────────────────┤ +│ • Processes your request │ +│ • Stores conversation based on retention policy │ +│ • May use data for model training (if not opted out) │ +└─────────────────────────────────────────────────────────────┘ +``` + +### What This Means in Practice + +| Scenario | Data Sent to Anthropic | +|----------|------------------------| +| You ask Claude to read `src/app.ts` | Full file contents | +| You run `git status` via Claude | Command output | +| MCP executes `SELECT * FROM users` | Query results with user data | +| Claude reads `.env` file | API keys, passwords, secrets | +| Error occurs in your code | Full stack trace with paths | + +--- + +## 2. Anthropic Retention Policies + +### Tier 1: Default (Training Enabled) + +- **Retention**: 5 years +- **Usage**: Model improvement, training data +- **Applies to**: Free, Pro, Max plans without opt-out + +### Tier 2: Training Disabled (Opt-Out) + +- **Retention**: 30 days +- **Usage**: Safety monitoring, abuse prevention only +- **How to enable**: + 1. Go to https://claude.ai/settings/data-privacy-controls + 2. Disable "Allow model training on your conversations" + 3. Changes apply immediately + +### Tier 3: Enterprise API (Zero Data Retention) + +- **Retention**: 0 days (real-time processing only) +- **Usage**: None - data not stored +- **Requires**: Enterprise contract with Anthropic +- **Use cases**: HIPAA, GDPR, PCI-DSS compliance, government contracts + +--- + +## 3. Known Risks + +### Risk 1: Automatic File Reading + +Claude Code reads files to understand context. By default, this includes: + +- `.env` and `.env.local` files (API keys, passwords) +- `credentials.json`, `secrets.yaml` (service accounts) +- SSH keys if in workspace scope +- Database connection strings + +**Mitigation**: Configure `excludePatterns` (see Section 4). + +### Risk 2: MCP Database Access + +When you configure database MCP servers (Neon, Supabase, PlanetScale): + +``` +Your Query: "Show me recent orders" + ↓ +MCP Executes: SELECT * FROM orders LIMIT 100 + ↓ +Results Sent: 100 rows with customer names, emails, addresses + ↓ +Stored at Anthropic: According to your retention tier +``` + +**Mitigation**: Never connect production databases. Use dev/staging with anonymized data. + +### Risk 3: Shell Command Output + +Bash commands and their output are included in context: + +```bash +# This output goes to Anthropic: +$ env | grep API +OPENAI_API_KEY=sk-abc123... +STRIPE_SECRET_KEY=sk_live_... +``` + +**Mitigation**: Use hooks to filter sensitive command outputs. + +### Risk 4: Documented Community Incidents + +| Incident | Source | +|----------|--------| +| Claude reads `.env` by default | r/ClaudeAI, GitHub issues | +| DROP TABLE attempts on poorly configured MCP | r/ClaudeAI | +| Credentials exposed via environment variables | GitHub issues | +| Prompt injection via malicious MCP servers | r/programming | + +--- + +## 4. Protective Measures + +### Immediate Actions + +#### 4.1 Opt-Out of Training + +1. Visit https://claude.ai/settings/data-privacy-controls +2. Toggle OFF "Allow model training" +3. Retention reduces from 5 years to 30 days + +#### 4.2 Configure File Exclusions + +In `.claude/settings.json`: + +```json +{ + "excludePatterns": [ + ".env", + ".env.*", + "**/.env", + "**/.env.*", + "**/credentials*", + "**/secrets*", + "**/*.pem", + "**/*.key", + "**/service-account*.json" + ] +} +``` + +Or create `.claudeignore` in project root: + +```gitignore +# Secrets +.env +.env.* +*.pem +*.key +credentials.json +secrets/ + +# Sensitive configs +**/config/production.* +``` + +#### 4.3 Use Security Hooks + +Create `.claude/hooks/PreToolUse.sh`: + +```bash +#!/bin/bash +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.tool.name') + +if [[ "$TOOL_NAME" == "Read" ]]; then + FILE_PATH=$(echo "$INPUT" | jq -r '.tool.input.file_path') + + # Block reading sensitive files + if [[ "$FILE_PATH" =~ \.env|credentials|secrets|\.pem|\.key ]]; then + echo "BLOCKED: Attempted to read sensitive file: $FILE_PATH" >&2 + exit 2 # Block the operation + fi +fi +``` + +### MCP Best Practices + +| Rule | Rationale | +|------|-----------| +| **Never connect production databases** | All query results sent to Anthropic | +| **Use read-only database users** | Prevents DROP/DELETE/UPDATE accidents | +| **Anonymize development data** | Reduces PII exposure risk | +| **Create minimal test datasets** | Less data = less risk | +| **Audit MCP server sources** | Third-party MCPs may have vulnerabilities | + +### For Teams + +| Environment | Recommendation | +|-------------|----------------| +| **Development** | Opt-out + exclusions + anonymized data | +| **Staging** | Consider Enterprise API if handling real data | +| **Production** | NEVER connect Claude Code directly | + +--- + +## 5. Comparison with Other Tools + +| Feature | Claude Code + MCP | Cursor | GitHub Copilot | +|---------|-------------------|--------|----------------| +| Data scope sent | Full SQL results, files | Code snippets | Code snippets | +| Production DB access | Yes (via MCP) | Limited | Not designed for | +| Default retention | 5 years | Variable | 30 days | +| Training by default | Yes | Opt-in | Opt-in | + +**Key difference**: MCP creates a unique attack surface because MCP servers are separate processes with independent network/filesystem access. + +--- + +## 6. Enterprise Considerations + +### When to Use Enterprise API (ZDR) + +- Handling PII (names, emails, addresses) +- Regulated industries (HIPAA, GDPR, PCI-DSS) +- Client data processing +- Government contracts +- Financial services + +### Evaluation Checklist + +- [ ] Data classification policy exists for your organization +- [ ] API tier matches data sensitivity requirements +- [ ] Team trained on privacy controls +- [ ] Incident response plan for potential data exposure +- [ ] Legal/compliance review completed + +--- + +## 7. Quick Reference + +### Links + +| Resource | URL | +|----------|-----| +| Privacy settings | https://claude.ai/settings/data-privacy-controls | +| Anthropic usage policy | https://www.anthropic.com/policies | +| Enterprise information | https://www.anthropic.com/enterprise | +| Terms of service | https://www.anthropic.com/legal/consumer-terms | + +### Commands + +```bash +# Check current Claude config +claude /config + +# Verify exclusions are loaded +claude /status + +# Run privacy audit +./examples/scripts/audit-scan.sh +``` + +### Quick Checklist + +- [ ] Training opt-out enabled at claude.ai/settings +- [ ] `.env*` files in excludePatterns or .claudeignore +- [ ] No production database connections via MCP +- [ ] Security hooks installed for sensitive file access +- [ ] Team aware of data flow to Anthropic + +--- + +## Changelog + +- 2026-01: Initial version - documenting retention policies and protective measures diff --git a/guide/ultimate-guide.md b/guide/ultimate-guide.md index fb93b99..44e9424 100644 --- a/guide/ultimate-guide.md +++ b/guide/ultimate-guide.md @@ -10,7 +10,7 @@ **Last updated**: January 2026 -**Version**: 3.1.0 +**Version**: 3.2.0 --- @@ -112,6 +112,7 @@ Context full → /compact or /clear - [2.3 Plan Mode](#23-plan-mode) - [2.4 Rewind](#24-rewind) - [2.5 Mental Model](#25-mental-model) + - [2.6 Data Flow & Privacy](#26-data-flow--privacy) - [3. Memory & Settings](#3-memory--settings) - [3.1 Memory Files (CLAUDE.md)](#31-memory-files-claudemd) - [3.2 The .claude/ Folder Structure](#32-the-claude-folder-structure) @@ -875,7 +876,7 @@ Keep Copilot/Cursor for: # 2. Core Concepts -_Quick jump:_ [The Interaction Loop](#21-the-interaction-loop) · [Context Management](#22-context-management) · [Plan Mode](#23-plan-mode) · [Rewind](#24-rewind) · [Mental Model](#25-mental-model) +_Quick jump:_ [The Interaction Loop](#21-the-interaction-loop) · [Context Management](#22-context-management) · [Plan Mode](#23-plan-mode) · [Rewind](#24-rewind) · [Mental Model](#25-mental-model) · [Data Flow & Privacy](#26-data-flow--privacy) --- @@ -2211,6 +2212,48 @@ cat claudedocs/templates/code-review.xml | \ > **Source**: [DeepTo Claude Code Guide - XML-Structured Prompts](https://cc.deeptoai.com/docs/en/best-practices/claude-code-comprehensive-guide) +## 2.6 Data Flow & Privacy + +> **Important**: Everything you share with Claude Code is sent to Anthropic servers. Understanding this data flow is critical for protecting sensitive information. + +### What Gets Sent to Anthropic + +When you use Claude Code, the following data leaves your machine: + +| Data Type | Example | Risk Level | +|-----------|---------|------------| +| Your prompts | "Fix the login bug" | Low | +| Files Claude reads | `.env`, `src/app.ts` | **High** if contains secrets | +| MCP query results | SQL query results with user data | **High** if production data | +| Command outputs | `env \| grep API` output | Medium | +| Error messages | Stack traces with file paths | Low | + +### Retention Policies + +| Configuration | Retention | How to Enable | +|---------------|-----------|---------------| +| **Default** | 5 years | (default state - training enabled) | +| **Opt-out** | 30 days | [claude.ai/settings](https://claude.ai/settings/data-privacy-controls) | +| **Enterprise (ZDR)** | 0 days | Enterprise contract | + +**Immediate action**: [Disable training data usage](https://claude.ai/settings/data-privacy-controls) to reduce retention from 5 years to 30 days. + +### Protecting Sensitive Data + +**1. Exclude sensitive files** in `.claude/settings.json`: + +```json +{ + "excludePatterns": [".env*", "**/credentials*", "**/*.pem"] +} +``` + +**2. Never connect production databases** to MCP servers. Use dev/staging with anonymized data. + +**3. Use security hooks** to block reading of sensitive files (see [Section 7.4](#74-hooks-automating-workflows)). + +> **Full guide**: For complete privacy documentation including known risks, community incidents, and enterprise considerations, see [Data Privacy & Retention Guide](./data-privacy.md). + --- # 3. Memory & Settings diff --git a/tools/audit-prompt.md b/tools/audit-prompt.md index 67aca61..010749e 100644 --- a/tools/audit-prompt.md +++ b/tools/audit-prompt.md @@ -205,6 +205,29 @@ echo -e "\n=== DOCUMENTATION ===" for d in docs/ docs/conventions/ documentation/; do [ -d "$d" ] && echo "✅ $d exists" done + +# Privacy configuration +echo -e "\n=== PRIVACY CONFIGURATION ===" +if [ -f "./.claude/settings.json" ]; then + if grep -q "\.env" ./.claude/settings.json 2>/dev/null; then + echo "✅ .env excluded in settings" + else + echo "⚠️ .env NOT in excludePatterns" + fi +else + echo "⚠️ No settings.json - .env files may be read" +fi + +# Check for database MCP servers (privacy risk) +if command -v jq &> /dev/null && [ -f ~/.claude.json ]; then + DB_MCP=$(jq -r --arg path "$CURRENT_DIR" ".projects[\$path].mcpServers // {} | keys[]" ~/.claude.json 2>/dev/null | grep -iE "postgres|neon|supabase|mysql|database" || true) + if [ -n "$DB_MCP" ]; then + echo "⚠️ Database MCP detected: $DB_MCP" + echo " → Ensure NOT connected to production data" + fi +fi + +echo "💡 Opt-out training: https://claude.ai/settings/data-privacy-controls" ' ``` @@ -273,6 +296,12 @@ For each category, evaluate against these criteria based on Phase 1 scan results - [ ] Auto-formatting hooks (PostToolUse) if needed - [ ] Context enrichment (UserPromptSubmit) if useful +**Privacy Configuration (Guide Section 2.6)** +- [ ] Training opt-out verified at claude.ai/settings +- [ ] excludePatterns includes `.env*`, `credentials*`, `*.pem` +- [ ] MCP database servers NOT connected to production +- [ ] Team aware data is sent to Anthropic (5 years default, 30 days opt-out) + **MCP Servers (Guide Section 8)** - [ ] Serena configured if large codebase (indexation + memory) - [ ] Context7 configured if using external libraries @@ -484,6 +513,8 @@ Here's an example of what the audit report looks like: | **Trinity Pattern** | Combining Plan Mode + Think Levels + MCP for complex tasks | | **Verify Gate** | CI/CD pattern: build → lint → test → typecheck before merge | | **Context Zones** | Green (0-50%), Yellow (50-70%), Red (70%+) - context usage thresholds | +| **Data Retention** | Anthropic stores conversations: 5 years (default), 30 days (opt-out), 0 days (Enterprise ZDR) | +| **excludePatterns** | Settings to prevent Claude from reading sensitive files like `.env`, credentials | ### Priority Levels Explained diff --git a/tools/onboarding-prompt.md b/tools/onboarding-prompt.md index 5d4723a..0dc4591 100644 --- a/tools/onboarding-prompt.md +++ b/tools/onboarding-prompt.md @@ -88,6 +88,24 @@ You are an expert Claude Code instructor. Your mission is to onboard me to Claud 3. **Focus Areas** (optional): Based on my level, you may ask what specific topics interest me most. +### Phase 0.5: Privacy Awareness (CRITICAL) + +**After level assessment, inform the user about data privacy:** + +⚠️ **Important Privacy Notice** (always show this): +- Everything you share with Claude Code is sent to Anthropic servers +- Default retention: **5 years** (training enabled) +- Opt-out retention: **30 days** (disable training) + +**Action required**: [Disable training](https://claude.ai/settings/data-privacy-controls) to reduce retention from 5 years to 30 days. + +**Ask**: "Have you configured your privacy settings? Should I explain more about data protection?" + +If they want more details, mention: +- Add `.env*` to excludePatterns +- Never connect production databases to MCP +- See [Data Privacy Guide](../guide/data-privacy.md) for full details + ### Phase 1: Read the Guide **After understanding my preferences, read the guide:**